From 7369d96f8361c523a7ae4753391a9a7336a89fb8 Mon Sep 17 00:00:00 2001
From: Benny Prijono <bennylp@teluu.com>
Date: Tue, 8 Oct 2013 09:08:13 +0000
Subject: Re #1703: fixing general bugs. First installment: correct handling of
 snprintf return value

git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@4613 74dad513-b988-da41-8d7b-12977e46ad98
---
 pjnath/src/pjnath/errno.c    | 8 ++++----
 pjnath/src/pjnath/stun_msg.c | 3 ++-
 2 files changed, 6 insertions(+), 5 deletions(-)

(limited to 'pjnath')

diff --git a/pjnath/src/pjnath/errno.c b/pjnath/src/pjnath/errno.c
index df4bdcb7..a6bb471a 100644
--- a/pjnath/src/pjnath/errno.c
+++ b/pjnath/src/pjnath/errno.c
@@ -133,8 +133,8 @@ static pj_str_t pjnath_strerror(pj_status_t statcode,
     errstr.slen = pj_ansi_snprintf(buf, bufsize, 
 				   "Unknown pjnath error %d",
 				   statcode);
-    if (errstr.slen < 0) errstr.slen = 0;
-    else if (errstr.slen > (int)bufsize) errstr.slen = bufsize;
+    if (errstr.slen < 1 || errstr.slen >= (int)bufsize)
+	errstr.slen = bufsize-1;
 
     return errstr;
 }
@@ -164,8 +164,8 @@ static pj_str_t pjnath_strerror2(pj_status_t statcode,
 	    buf[bufsize-1] = '\0';
     }
 
-    if (errstr.slen < 0) errstr.slen = 0;
-    else if (errstr.slen > (int)bufsize) errstr.slen = bufsize;
+    if (errstr.slen < 1 || errstr.slen >= (int)bufsize)
+	errstr.slen = bufsize-1;
 
     return errstr;
 }
diff --git a/pjnath/src/pjnath/stun_msg.c b/pjnath/src/pjnath/stun_msg.c
index ffdf09f1..cce914e2 100644
--- a/pjnath/src/pjnath/stun_msg.c
+++ b/pjnath/src/pjnath/stun_msg.c
@@ -2451,7 +2451,8 @@ PJ_DEF(pj_status_t) pj_stun_msg_decode(pj_pool_t *pool,
 					     "%s in %s",
 					     err_msg1,
 					     pj_stun_get_attr_name(attr_type));
-
+		    if (e.slen < 1 || e.slen >= (int)sizeof(err_msg2))
+			e.slen = sizeof(err_msg2) - 1;
 		    pj_stun_msg_create_response(pool, msg,
 						PJ_STUN_SC_BAD_REQUEST,
 						&e, p_response);
-- 
cgit v1.2.3